[__root_mail_dma] Add new role to manage local root mail.

This type has been tested in FreeBSD and Debian-like systems (Debian, Devuan,
Ubuntu).
evilham 2020-05-27 18:34:06 +02:00
parent e4b96ee2a4
commit 6b1e055d3d
9 changed files with 328 additions and 0 deletions


@ -0,0 +1,68 @@
# Based off FreeBSD's /etc/aliases
#
# >>>>>>>>>> The program "newaliases" must be run after
# >> NOTE >> this file is updated for any changes to
# >>>>>>>>>> show through to sendmail.
#
#
# See also RFC 2142, `MAILBOX NAMES FOR COMMON SERVICES, ROLES
# AND FUNCTIONS', May 1997
# http://tools.ietf.org/html/rfc2142
# Pretty much everything else in this file points to "root", so
# you would do well in either reading root's mailbox or forwarding
# root's email from here.
# root: me@my.domain
# Basic system aliases -- these MUST be present
MAILER-DAEMON: postmaster
postmaster: root
# General redirections for pseudo accounts
_dhcp: root
_pflogd: root
auditdistd: root
bin: root
bind: root
daemon: root
games: root
hast: root
kmem: root
mailnull: postmaster
man: root
news: root
nobody: root
operator: root
pop: root
proxy: root
smmsp: postmaster
sshd: root
system: root
toor: root
tty: root
usenet: news
uucp: root
# Well-known aliases -- these should be filled in!
manager: root
dumper: root
# BUSINESS-RELATED MAILBOX NAMES
info: root
marketing: root
sales: root
support: root
# NETWORK OPERATIONS MAILBOX NAMES
abuse: root
noc: root
security: root
# SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
ftp: root
ftp-bugs: ftp
hostmaster: root
webmaster: root
www: webmaster


@ -0,0 +1,20 @@
#!/bin/sh -e
if [ -f "${__object}/parameter/send-test-email" ]; then
SEND_EMAIL="YES"
fi
if [ "${SEND_EMAIL}" != "YES" ]; then
exit 0
fi
cat <<EOF
sendmail root << EOM
Subject: [cdist] Testing root mail on '${__target_host}'
You can safely ignore this message, it means your system will notify you
correctly of any relevant messages.
Enjoy!
EOM
EOF
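Review bot: The inner here-document in the generated code uses an unquoted delimiter (`sendmail root << EOM`), so the target's shell performs parameter and command expansion on the message body, which by then contains the interpolated `${__target_host}` value. Quoting the delimiter in the emitted line, `sendmail root << 'EOM'`, keeps the body literal on the target while the outer `cat <<EOF` still fills in the host name at generation time. Separately, `SEND_EMAIL` is never initialised, so a value inherited from the environment would send the mail without the parameter being set; `SEND_EMAIL=""` before the first `if`, or testing the parameter file directly, avoids that.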


@ -0,0 +1,83 @@
cdist-type__root_mail_dma(7)
============================
NAME
----
cdist-type__root_mail_dma - Setup root email with the DragonFly Mail Agent
DESCRIPTION
-----------
This (singleton) type uses dma, a small Mail Transport Agent (MTA), to accept
mails from locally installed Mail User Agents (MUA) and deliver the mails
to a remote destination.
Remote delivery happens over TLS to one or more mailboxes that are local to the
email server configured in the `smart-host` parameter.
REQUIRED PARAMETERS
-------------------
smart-host
The destination email server. The addresses passed in `root-email` must be
either local to the `smart-host` or it must be configured to act as a relay
for the host being configured by this type.
REQUIRED MULTIPLE PARAMETERS
----------------------------
root-email
Destination email address. Can be specified multiple times or just once
with each address separated by commas.
This will be setup in `/etc/aliases` as the destination for the local
root mailbox.
BOOLEAN PARAMETERS
------------------
send-test-email
If present, after setup this type will send an email to root, to allow you
to easily test your setup.
OPTIONAL PARAMETERS
-------------------
mailname
If present, this will be the hostname used to identify this host and the
remote part of the from addresses.
If not defined, it defaults to `/etc/mailname` on Debian-derived Operating
Systems and to `__target_host` otherwise.
See `dma(8)` for more information.
EXAMPLES
--------
.. code-block:: sh
# Send root email to both our BOFH and the nice-admin.
# That way they can figure things out together.
__root_mail_dma \
--root-email bofh@domain.tld \
--root-email nice-admin@domain.tld \
--smart-host mx1.domain.tld \
--send-test-email
SEE ALSO
--------
- `DragonFly Mail Agent <https://github.com/corecode/dma>`_
- `DragonFly Handbook MTA <https://www.dragonflybsd.org/handbook/mta/>`_
AUTHORS
-------
Evilham <contact@evilham.com>
COPYING
-------
Copyright \(C) 2020 Evilham. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

153
type/__root_mail_dma/manifest Executable file

@ -0,0 +1,153 @@
#!/bin/sh -e
os="$(cat "${__global}/explorer/os")"
root_email="$(tr '\n' ',' < "${__object}/parameter/root-email" | sed -E 's/,+$//')"
smart_host="$(cat "${__object}/parameter/smart-host")"
if [ -f "${__object}/parameter/mailname" ]; then
mailname="$(cat "${__object}/parameter/mailname")"
else
# default mailname behaviour is different in certain systems
case ${os} in
debian|devuan|ubuntu)
# Debian-like default to /etc/mailname
mailname="/etc/mailname"
;;
*)
# Otherwise let's use the hostname
mailname="${__target_host}"
;;
esac
fi
aliases_file=/etc/mail/aliases
case ${os} in
debian|devuan|ubuntu)
# Debian-like requires installing DMA
__package dma
# Moving forward without DMA doesn't make much sense
export require="__package/dma"
aliases_file=/etc/aliases
;;
freebsd)
# Disable sendmail + stop if necessary
__key_value \
--file "/etc/rc.conf" \
--comment "# Disable sendmail " \
--key "sendmail_enable" \
--delimiter "=" \
--value "NONE" \
--onchange "service sendmail onestop || true" \
"sendmail_enable"
# Setup mailwrapper accordingly
__file /etc/mail/mailer.conf \
--mode 0644 \
--source '-' <<EOF
sendmail /usr/libexec/dma
send-mail /usr/libexec/dma
mailq /usr/libexec/dma
newaliases /usr/libexec/dma
rmail /usr/libexec/dma
EOF
;;
*)
cat > /dev/stderr <<EOF
Your OS (${os}) is not supported yet.
Maybe adding support is as simple as adapting the packages or allowing it,
we highly encourage you to open a PR with the necessary changes.
See: https://code.ungleich.ch/ungleich-public/cdist-contrib/
EOF
exit 1
;;
esac
DMA_CONF="$(cat <<EOF
# Managed remotely, changes will be lost
#
# Your smarthost (also called relayhost). Leave blank if you don't want
# smarthost support.
SMARTHOST ${smart_host}
# Use this SMTP port. Most users will be fine with the default (25)
#PORT 25
# Path to your alias file. Just stay with the default.
#ALIASES /etc/aliases
# Path to your spooldir. Just stay with the default.
#SPOOLDIR /var/spool/dma
# SMTP authentication
#AUTHPATH /etc/dma/auth.conf
# Uncomment if yout want TLS/SSL support
SECURETRANSFER
# Uncomment if you want STARTTLS support (only used in combination with
# SECURETRANSFER)
STARTTLS
# Uncomment if you have specified STARTTLS above and it should be allowed
# to fail ("opportunistic TLS", use an encrypted connection when available
# but allow an unencrypted one to servers that do not support it)
#OPPORTUNISTIC_TLS
# Path to your local SSL certificate
#CERTFILE
# If you want to use plain text SMTP login without using encryption, change
# the SECURE entry below to INSECURE. Otherwise plain login will only work
# over a secure connection. Use this option with caution.
#SECURE
# Uncomment if you want to defer your mails. This is useful if you are
# behind a dialup line. You have to submit your mails manually with dma -q
#DEFER
# Uncomment if you want the bounce message to include the complete original
# message, not just the headers.
#FULLBOUNCE
# The internet hostname dma uses to identify the host.
# If not set or empty, the result of gethostname(2) is used.
# If MAILNAME is an absolute path to a file, the first line of this file
# will be used as the hostname.
MAILNAME ${mailname}
# Masquerade envelope from addresses with this address/hostname.
# Use this if mails are not accepted by destination mail servers because
# your sender domain is invalid.
# By default, MASQUERADE is not set.
# Format: MASQUERADE [user@][host]
# Examples:
# MASQUERADE john@ on host "hamlet" will send all mails as john@hamlet
# MASQUERADE percolator will send mails as \$username@percolator, e.g. fish@percolator
# MASQUERADE herb@ert will send all mails as herb@ert
# Directly forward the mail to the SMARTHOST bypassing aliases and local delivery
#NULLCLIENT
EOF
)"
__file /etc/dma/dma.conf --mode 0644 --source '-' <<EOF
${DMA_CONF}
EOF
# Setup aliases file (Debian doesn't create it by default)
__file --state exists \
--mode 0644 \
--source "${__type}/files/aliases" \
"${aliases_file}"
export require="${require} __file${aliases_file}"
# Setup the root alias
__key_value --key 'root' \
--delimiter ":" \
--comment "# Main admin(s) for this host" \
--value "${root_email}" \
--onchange 'newaliases' \
--file "${aliases_file}" \
root_mail_alias
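Review bot: `smart_host` and `mailname` are read from the parameter files and written into `/etc/dma/dma.conf` as-is (`SMARTHOST ${smart_host}`, `MAILNAME ${mailname}`), so a value with an embedded newline or space ends up as additional or malformed directives in the same file that carries the `SECURETRANSFER`/`STARTTLS` settings. The parameters come from the operator's own manifest, so this is a fail-early guard rather than a trust boundary, but a check right after the values are read would catch it: `case "${smart_host}" in ''|*[[:space:]]*) echo "invalid smart-host" >&2; exit 1;; esac`, and the same for `mailname`. The unsupported-OS branch could also use `cat >&2` instead of `cat > /dev/stderr`, which does not depend on the device node being present.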


@ -0,0 +1 @@
send-test-email


@ -0,0 +1 @@
mailname


@ -0,0 +1 @@
smart-host


@ -0,0 +1 @@
root-email
